Specifies the customer-managed encryption key (CMEK) that the driver uses for executing queries. If it is not specified, the driver uses the default key encryption key from Google.
To learn more about CMEK, refer to the Google documentation.
specifies the name of the project that you want the driver to connect to.
location
specifies the geographical location where your dataset is stored.
keyring
specifies the key ring value, which is a prerequisite for creating CMEK. To learn how to create a key ring, refer to the Google documentation.
key
specifies the CMEK value. To learn how to create a key, refer to the Google documentation.
Notes
Passing KMSKeyName as part of job configuration is not supported for DDL statements. Therefore, for Create statements, CMEK must be provided using the Options clause, in the following format:
If a table is encrypted using CMEK, you can perform insert and select operations on it with or without specifying CMEK. However, you must not specify an incorrect CMEK, as it leads to query failure.
If you specify a CMEK to query a table that is not encrypted with CMEK, the query will fail.
CMEKs specified at connection are used to execute queries for the life of the connection.
Passing KMSKeyName as part of job configuration is not supported for DDL statements. Therefore, for Create statements, CMEK must be provided using the Options clause, in the following format: